Former security contractor and former CIA and NSA employee Edward Snowden recently leaked secret documents revealing that the National Security Agency (NSA) in the US has been working with technology companies to weaken encryption standards and has been using programs to intercept telephone metadata and surveil the Internet.
While discussions could be had on topics such as whistle blowing, surveillance, government secrecy and national security, the key takeaway for businesses is the impact this information has on data security. Many people are now questioning whether it is safe to store their data in US-based cloud services companies.
"If businesses or governments think they might be spied on, they will have less reason to trust the cloud and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn't matter – any smart person doesn't want the information shared at all. Customers will act rationally and providers will miss out on a great opportunity." - European Commission Vice President Neelie Kroes
In previous years, there has been the feeling that mobile devices introduced the majority of threats to data security, but this revelation makes cloud computing the more dubious alternative. The NSA combined with the American Patriot Act, which can force companies to hand over data to intelligence agencies, stands to make cloud computing in the US quite suspect. With the NSA's ability to crack encryption codes, any data that goes over the Internet (even if stored in non-US cloud-based companies) could be at risk, since most data passes through the US.
As Geoff Glave, senior product manager for endpoint security here at Absolute Software, noted to Business in Vancouver, "People have been fearing the endpoint [the computers themselves], so they’ve migrated it to the cloud, when it’s beginning to look like the endpoint may have been the safest place for that data after all."
For more about protecting data on the endpoint, visit our website.